Azure Security Center Playbooks Introduction
Azure Security Centre is a great tool for managing your hybrid cloud security health. As I have previously written, it's a tool that can be used to monitor both Azure infrastructure and on-premises machines from a central monitoring dashboard. Please feel free to read the other blog post in the Azure Security Centre series: http://www.ruckcloud.ml/2018/02/using-azure-security-center-for.html
Today I will be writing about a specific feature of the Azure Security Centre called Security Playbooks. Security Playbooks are alert-triggered procedures that run within Azure Security Center. When a specific alert is triggered, a playbook runs and automates a response to that alert. This can help orchestrate as well as speed up security alert management.
Security Playbooks are based on Azure Logic Apps. This gives us the ability to use security templates in Azure Logic Apps, which you can edit or create, and then trigger them from Security Centre.
What are Azure Logic Apps?
Azure Logic Apps help to simplify and implement scalable integrations and workflows in the cloud. Please see further info at the end of this post.
Creating a Security Playbook
Follow the steps below to create a Security Playbook in the Azure portal:
1. Select Security Centre - Playbooks (preview) - Add Playbook
2. Create logic app:
4. Click on the newly created logic app which will launch the logic app designer:
5. Click blank logic app:
7. Add an action to run and click save:
8. After this has been completed, the playbook can be run from Security Center "Playbooks".
Please read further on Azure Logic Apps: https://docs.microsoft.com/en-gb/rest/api/logic/